About bbilut

Looks like the issue I was seeing was caused by Chrome, as I've verified I no longer experience the Palo Alto Block Page when my students do a search.   I just uninstalled and verified   Chrome: 69.0.3497.100 (and earlier) have no issues Chrome: 70.0.3538.67 - Safe search block page (even though safe search is forced on with GPO policy) Chrome: 70.0.3538.77 - Safe search block page (even though safe search is forced on with GPO policy) Chrome: 70.0.3538.102 - No issues ... View more

I have not tested it with Firefox or IE... mainly because we have safe search enforcement set in Chrome via Windows Group Policy. Firefox, does not have really policy support, and I don't think the IE GPO has a setting for safe search enforcement.   I can replicate this every time where it works fine in Chrome 69, and as soon as I upgrade to Chrome 70 the search always get blocked saying you have to turn on safe search (even though it's on via GPO). If I hit refresh or F5 at the block page the search will complete properly in (safe search mode). ... View more

I'm having this same problem. We've been using Safe Search enforcement on the Palo and Safe Search policy via GPO for at least 4 years. I finally figured out that it broke for me when Chrome v70 came out. I'm rolling about 26,000 student computers back to Chrome 69 until I figure out what is either broke or changed in Chrome 70. ... View more

I do the same... I'm usually a week behind because their updates have burnt me in the past several times. This one seemed urgent so I manually updated this morning. I guess that was a mistake. ... View more

I'm rolling back to 8076 and I'll report back what happens. I was getting a detection about every minute or multiple per minute with 8077.   Edit: 8076 seems to have stopped the mass amount of alerts. ... View more

Same here...I installed 8077 this morning when I get in after reading the email and I'm getting Fallout alerts like crazy. I don't have as many as you, but people just starting coming in.   ... View more

As far as I'm aware the PA can not decrypt QUIC. I have a Chrome group policy on my environement disabling QUIC in the browser and I block QUIC high up in my rules which would causes Chrome to fail back to SSL. ... View more

3.1.5 ... View more

I went to 1703 on my home machine the day it was released and I have not had any problems with the 3.1.5 version. ... View more

I upgraded from 7.0.13 to 7.1.7 and I have tons of problems with USERID on the 7.1.x code. I had two tickets open and they opened two bugs for me. One of the problems was the useridd was crashing every several minutes. This was causing me all kinds of problems with userid including portal problems. They claimed my bugs were fixed in 7.1.9, but I'm sticking on the 7.0.x code for now. ... View more

We were also a heavy Novell shop and for several years had our Palo Alto userID pointing to both eDir and AD as we transistioned our 40k users away from eDir. I had the same problem with our users that were still on the eDir side, and I never really found a solution. Once you get off eDir you won't have anymore problems.... maybe you can just step up your migration. The captive portal might be a temporary solution for you as well. ... View more

Do you have your decryption cert installed in the machines trusted root certificate authorities?   The thing I've noticed with Chrome in a recent version update is that if you don't have your decryption cert installed it will not let you bypass the decryption errors to go to a google.com owned site. ... View more

If your computers are in a Windows domain you can easily use Group Policy to push your cert out too all your machines and put it in the trusted root. Like some other have mentioned this will take care of Chrome, IE, & Edge, but not Firefox as they have their own cert store and don't use the one built into Windows. ... View more

I'm just using Windows server monitor and I don't do any types of client probing as I have 30,000+ machines and it's just not reasonable to probe that many machines. We have a mix of Windows 7, 8.1 and 10 machines and as long as they authenticate to the domain we have no issues reading the user mapping from the domain security logs.   When I originally set this up it didn't work because I was not auditing the proper events on my domain controllers and I had problems with the ID dropping and had to set the cache to 1 minute more than my Group Policy refresh time, so I have my cache set to 121 minutes as I notice when the GPO refreshes it trips an event in the security log. ... View more